No announcement yet.

Active directory problem

  • Filter
  • Time
  • Show
Clear All
new posts

  • Active directory problem

    We have windows 2000 , the history of this system is every admin we hired before me he did some changes to AD , now we end with when I create a user he or she can join domain , it shouldn't go that way. also user cannot change password , the massage says you cannot change password this time.
    We want to start migrate to windows 2003 , but I am still wondering , should I start everything form scratch , means create new users , OUs , and build AD again. but if I do this I will have permission problem with all the old resources , if I restore AD from Backup it will be the same problem again. I don't know what to do. is there is any tools to analyze active directory first to check if there is group policy conflicts. please advice.

  • #2
    Re: Active directory problem

    One of the best tools to analyze the effects of GPOs on a computer or user object is Resultant Set of Policy (RSOP) in either logging or planning mode.

    RSOP can be invoked in a few different ways, including:
    + Right click a computer or user object in Active Directory and Computers
    + Run RSOP.MSC in a command prompt

    The Group Policy Management Console (GPMC.MSC) also makes managing GPOs much easier than using Active Directory Users and Computers. GPMC is a downloadable tool from Microsoft's website.

    On your decision to push forward with your current AD or start over from scratch? I sense you're giving up too easily. That decision is entirely up to you and your business. For a medium to large business, this may be an impossible task. For a small AD implementation, it may be manageable but not without a lot of work and you'll probably need a lot of help from your peers and your end users (for testing) to get it all done in one weekend.

    I would first start by creating an analysis of all issues you have with your current AD infrastructure. I would then take the list of issues and give them a severity rating of 1, 2, or 3 (or low, medium, high). Once you've done this, sort your problems by severity and look at all the highest severity problems. These are the problems that cause you and your users the most pain. What can be done to resolve these problems without starting over from scratch? How much time will it take? While we are on this subject, starting over from scratch should always be your absolute last option. The only situation I can think of offhand that would warrant starting over from scratch would be a damaged schema. You might be surprised to find out that most other problems can be resolved without starting over, although it may take a lot of work and time on the phone with Microsoft.

    Small to medium issues don't warrant starting over from scratch. If you're not already put out of business by these problems, then they can be worked through and resolved. Starting over is not a decision to be taken lightly, and I could almost guarantee management is not going to be happy about starting over and what problems will come from that.

    Who knows, some of your existing problems may be resolved automatically by moving to Windows Server 2003. At any rate, assuming you do migrate your Active Directory to Windows Server 2003, be sure to follow MS KB article Q325379 in detail which basically walks you through making sure there are no pre-existing problems with your AD domain controllers that will foul up your conversion to 2003. Do not skip this step. This would be like jumping out of a plane without testing your parachute first.
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+ - VMware Virtualization Evangelist
    My advice has no warranties. Follow at your own risk.


    • #3
      Re: Active directory problem

      Thank you so much ,
      I think we have the same vision , the problem is my colleagues want to rebuild AD from the scratch , me I don't want that , I am agree with you that will be nightmare for all of us.